I was wondering which browser is the most secure today, Firefox, Internet Explorer, Chrome, or Safari on a Windows machine with the user running as a Power User/Administrator account.

This is not a question about which browser is the best because it's the most usable, but more of a question if asked for security, which browser is the most secure given an everyday user's experience (JavaScript, Flash, Ads, etc).

Also, would the choice for most secure change if the user was running as a restricted user?

To clarify, I'm looking for an answer that's based in research on potential and common exploits and how long it takes for critical problems to be patched.

Edit: My approach for this question is basically, what would you recommend to your boss, co-worker, or relative, who is probably an average user.


2

Don't install Flash and nearly any browser will be a lot safer ;-)
– Ivo Flipse♦ Mar 9 '10 at 7:08

1

I'd suggest adding Opera to the list. It's free, fully supported, and works well. I don't know how it compares for security, but it has been very innovative in the past.
– David Thornley, Mar 9 '10 at 15:05

You don't want any extensions or plugins in your browser for minimum attack surface. Since in most browsers those run with full trust they violate certain browser security precautions such as integrity levels on Windows as used by IE and Chrome.
– Joey, Mar 9 '10 at 17:39

6 Answers
6

I think it really depends on who you ask. I've never seen an end-all-be-all answer to this question, and I doubt I ever will. Each company takes their own approach to securing the browser, and even though the end result is almost always the same, their methods can be entirely different.

To answer your question about limited user? Absolutely, yes. Running as a limited user is the absolute best thing you can do to protect yourself (in my opinion, anyways). I am a well-learned computer user running Windows 7, and there has been a time or two where the UAC prompt pops up unexpectedly and I stop to see what it is that is asking for access.

Having my users at work run as a limited user prevented AntiVirus 2010 from being installed (it still caused some issues I had to fix, but it didn't manage to install itself - that's the important part).

A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browsers are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference. Google's Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.

During July 2009, a company called NSS Labs performed two separate browser security tests, which Amy Barzdukas, General Manager of Internet Explorer, told Ars that Microsoft had sponsored. Right off the bat, your suspicions have probably been raised, and rightly so. Internet Explorer 8 performed very well in all the tests and, while Microsoft insists that it had no impact on the results, we must still be cautious when examining the reports.

Before we go to the results, it's worth noting that NSS Labs chose to test what it thinks are the most important types of security threats:
The most common and impactful 'security threats' facing users today are socially engineered malware and phishing attacks. As such, they have been the primary focus of our initial research. While drive-by downloads and click-jacking are also effective attacks and have achieved notable publicity, they represent a smaller percentage of today's threats.

According to Microsoft, the malware report is more important than the phishing report, so we've put it first. "We block 20 times more malware per day than phishing sites in IE8," Barzdukas told Ars. IE8 blocks malware for approximately 1 out of 40 users every week, and approximately 1 of every 200 downloads is blocked as malicious.

I am not quite sure about this, but this "phishing site blocking" and "malware blocking" sounds a lot like Google Safe Browsing, which is included in Safari and Chrome (Firefox via extensions) but is probably not included in the above chart for said browsers.
– bastibe, Mar 9 '10 at 14:20

The other thing to consider is that a lot of malware attacks are actually based on social engineering principles. Basically, rather than trying to install something surreptitiously, they get the user to initiate the install and bypass security that way.

So even the most secure browser is at the mercy of the weakest link in the chain - which is always the user.

Don't think that running in User mode will help. If the user is determined to install they'll click "Run As admin" (assuming that they know the admin password), so keep your admin password from your users.

I forget who originally said, "Given a button to press to get dancing pigs on the monitor and also start global thermonuclear war, users will click to get the dancing pigs".
– David Thornley, Mar 9 '10 at 15:07

That's my solution. However, I don't think the average user will do well with NoScript, and the question was about the average person.
– David Thornley, Mar 9 '10 at 15:06

Also it's fun to see that Firefox's security model with extensions is about as secure as Windows 95 was with applications running there. Doesn't appear in stats about safety from internet-based attacks, but certainly something to consider. Microsoft and Google are way ahead on that front. See cerias.purdue.edu/site/blog/post/… and cerias.purdue.edu/site/blog/post/…
– Joey, Mar 9 '10 at 17:37

The browser itself is not the only vulnerability that you need to consider. A lot of recent successful exploits in the wild have been via plugins such as Flash or Acrobat Reader. Irrespective of the browser you choose, your susceptibility to exploits that attack these plugins is the same. Adobe were very slow to release patches for a couple of exploits last year, and I'm guessing there were/are other less publicised long-unpatched issues in other plugins, so this is a very real concern that you need to consider when assessing the idea of running your browser as a privileged user.

You don't specify a particular OS/version in your question - this can make quite a difference too. IE8 on Vista and 7 is more secure than IE8 on XP because of the different privilege separation it employs under Vista/7, which can change the potential risk a given unpatched exploit exposes you to.

If you are super paranoid you could set up a VM with your browser of choice, take a snapshot, and then revert to snapshot every few days. That way if you do acquire any malware you just wipe it away. But ideally you would also use a secure browser in there as well. Also then you could assign a static IP to your VM and set the rest of the machines on the network to deny all traffic from that IP, as it should only ever have to talk to the router. I would then use either Firefox or Chrome as the web browser, and have a non-Adobe PDF viewer. Ideally have a second VM set up with Flash enabled if you want to view Flash pages, and don't do anything on that VM that involves personal data.
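
The snapshot-and-isolate setup from the answer above, as an added example that is not part of the original post. It assumes Hyper-V as the hypervisor (the answer names none) and a current Windows with the Hyper-V, ScheduledTasks and NetSecurity modules; the VM name, checkpoint name and IP address are placeholders.

```powershell
# Added example. Assumptions, none of which come from the original answer:
#   - Hyper-V hosts the browsing VM; the names below are hypothetical.
#   - 192.0.2.50 (documentation range) stands in for the VM's static IP.
$VmName         = 'BrowserVM'
$CheckpointName = 'clean-baseline'
$VmAddress      = '192.0.2.50'

# ---- On the Hyper-V host, from an elevated prompt ----

# Capture the known-good state once, right after patching the guest OS,
# the browser and the PDF viewer.
Checkpoint-VM -Name $VmName -SnapshotName $CheckpointName

# Command that discards whatever the VM picked up since the checkpoint.
$revert = "Stop-VM -Name '$VmName' -TurnOff -Force; " +
          "Restore-VMSnapshot -VMName '$VmName' -Name '$CheckpointName' -Confirm:`$false; " +
          "Start-VM -Name '$VmName'"

# Run it every three days ("revert to snapshot every few days").
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
             -Argument "-NoProfile -Command `"$revert`""
$trigger = New-ScheduledTaskTrigger -Daily -DaysInterval 3 -At '03:00'
Register-ScheduledTask -TaskName 'Revert browsing VM' -Action $action `
    -Trigger $trigger -User 'NT AUTHORITY\SYSTEM' -RunLevel Highest

# Reverting also rolls back updates installed since the checkpoint, so
# after each patch cycle: restore, update, then replace the baseline with
# Remove-VMSnapshot followed by a fresh Checkpoint-VM.

# ---- On every other Windows machine on the network ----

# Drop everything arriving from the VM's address. Block rules take
# precedence over allow rules in Windows Firewall, so existing
# file-sharing or RDP allowances do not reopen the path.
New-NetFirewallRule -DisplayName 'Block inbound from browsing VM' `
    -Direction Inbound -RemoteAddress $VmAddress -Action Block -Profile Any

# Confirm the rule is enabled and bound to the intended address.
Get-NetFirewallRule -DisplayName 'Block inbound from browsing VM' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

The host-side rules depend on the VM keeping the address they name, so the static IP should be pinned in the guest or reserved on the router.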